Description of Problem:
Our webserver is accessable through netatalk (afpd) and we use
groups primarily to control access. Our default umask is 007, and most if not all of the dirs on
the webserver are g+rwxs.
However, the afpd process itself did not start with a umask that
would create the .AppleDouble dirs with write access for groups, and this led to a very hard bug
to track down - the first person to access a particular dir would be able to read and write files
fine, but anyone else would get a "You do not have sufficient permissions to edit this file"
However, upon looking at the webserver and reviewing a users group memberships, it
would APPEAR that they did have sufficient access.
Only by stracing a process with a user that
was having the problem could I find the root cause.
Version-Release number of selected
component (if applicable):
Follow the logic above and
basically end up with an .AppleDouble dir with
perms of rwxr-s--- and then have someone with group
write permissions for a file try to edit the file. If they are not the owner of the .AppleDouble
dir, they'll get the error message.
Steps to Reproduce:
It may be that the error message
you give the user can't or should not be changed - however, additional log messages would have
been a HUGE win over having to strace the problem.
I can try to provide more details, and am
willing to test patches if needed - I know there aren't that many sites suffering from netatalk
Since powertools has been discontinued and this is hardly grave enough to call for an errata update, there's nothing I can do about it, unfortunately.